1. Field of the Invention
The invention disclosed and claimed herein generally pertains to a method for improving comprehension of security labels and other information in a security enhanced environment, by representing the information to a user in selected audio forms. More particularly, the invention pertains to a method of the above type wherein, in response to an effort by a subject in a particular domain to access an object of a particular type, different audio signals or sounds may be used to indicate that access has respectively been permitted or denied.
2. Description of the Related Art
In a software security environment such as Security Enhanced (SE)Linux, subjects are associated with or classified into domains, and objects are classified by respective types. When a subject seeks to access a particular object, a decision is made to either grant the subject access to the object, or to deny such access. In SELinux, messages denying access and also certain error messages are typically stored in an Access Vector Cache (AVC), in order to provide an audit trail. In security environments of this type, subjects generally are active entities in a given system, and objects are passive entities in the system. Objects may include, by way of example and not limitation, files, records and messages.
A disadvantage of a security arrangement such as SELinux is that the security policy thereof can be very difficult to create and administer. For example, when SELinux access controls deny access to an object, error messages associated with the denial are often misunderstood by users. Also, domain and type labels used to identify subjects and objects, respectively, are in the form of strings that are typically stored in extended attributes. As a result, detailed messages and audit trails are often forgotten, or are difficult to interpret. Moreover, if a subject in a software program seeks to access an object in a directory, a database or the like, and the label of the subject or the object is not correct, it may be difficult or impossible to gain access. As a further problem, security policy often requires the use of sophisticated graphic user interface tools, and it can be difficult for users to understand information that SELinux emits, including information pertaining to access decisions.